Question

Forensic Readiness What does this mean for a company?

What are some of the benefits for a company?

Explain each one. As an Security Manager of the company how would you present this to the CEO?

Answer 1

Forensic readiness -

Introduction -

The organizations in today's environment are dependent on information technology. By using information technology there is great deal of development as well as associated risk. Hence, various strategies have evolved to minimize and mitigate the associated risk. If an organization business is standstill by an unwanted or unforeseen event, whether natural or man-made, the business needs to recover and continue. So there are some strategies to handle these issues, Forensic readiness is one of the strategies.

What is Forensic readiness -

The digital forensics tools are used to retrieving and analyzing digital evidence. Users of digital devices leave digital footprints whenever they use the systems—be they computer systems, smartphones, mobile phones, tablets or networks. Digital evidences are very important when any unexpected issue arises in organization. Then organization can investigate the matter on the basis of digital evidences and can solve the issue legally.

The business requirement to gather and use digital evidence has been recognized that can enhance computer and network forensics. They propose six categories of policies -

A) Retaining Information

B) Planning the Response

C) Training

D) Accelerating the Investigation

E) Preventing Anonymous Activities

F) Protecting the Evidence.

So the Forensics Readiness is having a level of capabilityin order to be able to preserve, collect, protect and analyze digital evidences so that these can be used effectively in any legal matter, in security investigation, in disciplinary proceedings, in an employee tribunal or in a court of law.

The digital forensics should be carefully planned in the preparation phase. This approach is very important to increase the possibility of optimizing the time and cost and having good results in a digital investigation.

Benefits -

1) Minimizing the cost of cyber investigations:-

The evidence is gathered and acquired in anticipation of an incident, costs and time to respond are minimal, and investigations are efficient and rapidly completed.

2) Quickly determine attack vector:-

If the Organization had all the probes in the active mode and located in a strategic point, the dynamics of a cyber incident will be easier to detect and understand.

3) Reducing cost for data disclosure:-

Especially when it is required, for example for a bank, having the handy evidence and properly preserved, it possible for it to be easily shown.

4) Restore and eradicate from damage more completely and less time consuming:-

The post-incident activities could be much optimized with Forensic Readiness, regarding cost, time and effort.

5) Receive insurance discounts:-

If an organization can prove to be ready to respond an incident, the insurance may make a good price.

Proposal to CEO -

As per discussion it is observed that the to handle unexpected issues inside organization the digital forensics can be used. Digital forensics is tool to collect and preserve the Digital evidences to handle the unexpected issues and helps the organization's operation running. Digital investigation is done on the basis of digital evidences. So it is very important to collect the digital evidences of each activity inside the organization. As the information technology is used mostly in every process so digital evidences can be collected. After collection it is important to preserve the Digital evidences so that they can used when needed by the organization.

So it is very important and beneficial to the company to be the forensic readiness so that organization can handle unexpected issues.